From: Harlan Stenn Date: Sat, 8 Feb 2003 06:49:26 +0000 (-0500) Subject: NIST lockclock stuff form Dave Mills. X-Git-Tag: NTP_4_1_74~7 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6bc33cdc67e076d40e49ba4c3b834f077dae2a36;p=thirdparty%2Fntp.git NIST lockclock stuff form Dave Mills. bk: 3e44a876lZPKK6l8pWEZYM1vd9lgNA --- diff --git a/configure.in b/configure.in index 4085275deb..061c19aa19 100644 --- a/configure.in +++ b/configure.in @@ -5,7 +5,7 @@ AC_CANONICAL_SYSTEM AC_DEFINE_UNQUOTED(STR_SYSTEM, "$host", [canonical system (cpu-vendor-os) string]) AM_CONFIG_HEADER(config.h) AC_ARG_PROGRAM -AM_INIT_AUTOMAKE(ntp, 4.1.73) +AM_INIT_AUTOMAKE(ntp, 4.1.73a) AC_PREREQ(2.52) # We need the cross-compile-aware SIZEOF stuff. ac_cv_var_atom_ok=no @@ -3440,6 +3440,15 @@ case "$ac_cv_var_irig_sucks" in yes) AC_DEFINE(IRIG_SUCKS, 1, [Should we use the IRIG sawtooth filter?]) ;; esac +AC_CACHE_CHECK(if we should enable NIST lockclock scheme, ac_cv_var_nist_lockclock, +[AC_ARG_ENABLE(nist, + AC_HELP_STRING([--enable-nist], [- if we should enable the NIST lockclock scheme]), + [ans=$enableval],[ans=no]) +ac_cv_var_nist_lockclock=$ans]) +case "$ac_cv_var_nist_lockclock" in + yes) AC_DEFINE(LOCKCLOCK, 1, [Should we align with the NIST lockclock scheme?]) ;; +esac + case "$build" in $host) ;; diff --git a/html/accopt.html b/html/accopt.html index cf30c470cd..253201daf2 100644 --- a/html/accopt.html +++ b/html/accopt.html @@ -12,7 +12,7 @@

Access Control Options

giffrom Pogo, Walt Kelly

The skunk watches for intruders and sprays.

-

Last update: 04:20 UTC Thursday, January 23, 2003

+

Last update: 16:29 UTC Friday, February 07, 2003


Related Links
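Review bot: in the configure.in hunk at @@ -3440, the help text "[--enable-nist], [- if we should enable the NIST lockclock scheme]" (note the stray leading dash) and the AC_DEFINE comment "Should we align with the NIST lockclock scheme?" undersell what the flag does: the ntp_loopfilter.c and ntp_proto.c hunks in this same commit stop ntpd from disciplining the system clock at all and make the prefer peer unconditionally the system peer. The help string should say that a binary built this way never adjusts the clock and is only for hosts whose clock is steered by an external source, so nobody enables it on a general build. Also consider matching the option name to the macro (the option is `--enable-nist`, the macro is `LOCKCLOCK`) so the two are easy to grep for together.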

@@ -24,40 +24,46 @@

Access Control Support

- The ntpd implements a general purpose address/mask based restriction list. The list contains address/match entries sorted first by increasing address values and and then by increasing mask values. A match occurs when the bitwise AND of the mask and the packet source address is equal to the bitwise AND of the mask and address in the list. The list is searched in order with the last match found defining the restriction flags associated with the entry. Additional information and examples can be found in the Notes on Configuring NTP and Setting up a NTP Subnet page. + The ntpd daemon implements a general purpose address/mask based restriction list. The list contains address/match entries sorted first by increasing address values and and then by increasing mask values. A match occurs when the bitwise AND of the mask and the packet source address is equal to the bitwise AND of the mask and address in the list. The list is searched in order with the last match found defining the restriction flags associated with the entry. Additional information and examples can be found in the Notes on Configuring NTP and Setting up a NTP Subnet page.

The restriction facility was implemented in conformance with the access policies for the original NSFnet backbone time servers. Later the facility was expanded to deflect cryptographic and clogging attacks. While this facility may be useful for keeping unwanted or broken or malicious clients from congesting innocent servers, it should not be considered an alternative to the NTP authentication facilities. Source address based restrictions are easily circumvented by a determined cracker.

-

Clients can be denied service because they are explicitly included in the restrict list created by the restrict command or implicitly as the result of cryptographic or rate limit violations. Cryptographic violations include certificate or identity verification failure; rate limit violations generally result from multiple clients from the same network congesting the server. Cryptographic violations cause the single offender to be denied further access, while rate limit violations cause the entire network to be denied access. When a client or network is denied access for these reasons, the only way at present to remove the restrictions is by restarting the server.

+

Clients can be denied service because they are explicitly included in the restrict list created by the restrict command or implicitly as the result of cryptographic or rate limit violations. Cryptographic violations include certificate or identity verification failure; rate limit violations generally result from defective NTP implementations that send packets at abusive rates. Some violations cause denied service only for the offending packet, others cause denied service for a timed period and others cause the denied service for an indefinate period. When a client or network is denied access for an indefinate period, the only way at present to remove the restrictions is by restarting the server.

The Kiss-of-Death Packet

Ordinarily, packets denied service are simply dropped with no further action except incrementing statistics counters. Sometimes a more proactive response is needed, such as a server message that explicitly requests the client to stop sending and leave a message for the system operator. A special packet format has been created for this purpose called the "kiss-of-death" (KoD) packet. KoD packets have the leap bits set unsynchronized and stratum set to zero and the reference identifier field set to a four-byte ASCII code. If the noserve or notrust flag of the matching restrict list entry is set, the code is "DENY"; if the limited flag is set and the rate limit is exceeded, the code is "RATE". Finally, if a cryptographic violation occurs, the code is "CRYP".

A client receiving a KoD performs a set of sanity checks to minimize security exposure, then updates the stratum and reference identifier peer variables, sets the access denied (TEST4) bit in the peer flash variable and sends a message to the log. As long as the TEST4 bit is set, the client will send no further packets to the server. The only way at present to recover from this condition is to restart the protocol at both the client and server. This happens automatically at the client when the association times out. It will happen at the server only if the server operator cooperates.

Access Control Commands

+
discard [ average avg ][ minimum min ] +
Set the parameters of the limited facility which protects the server from client abuse. The average avg subcommand specifies the minimum average packet spacing, while the minimum min subcommand specifies the minimum packet spacing. Packets that violate these minima are discarded and a kiss-of-death packet returned if enabled. The default minimum average and minimum are 5 and 2, respectively.
restrict address [mask mask] [flag][...]
The address argument expressed in dotted-quad form is the address of a host or network. Alternatively, the address argument can be a valid host DNS name. The mask argument expressed in dotted-quad form defaults to 255.255.255.255, meaning that the address is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0) is always included and is always the first entry in the list. Note that text string default, with no mask option, may be used to indicate the default entry.
In the current implementation, flag always restricts access, i.e., an entry with no flags indicates that free access to the server is to be given. The flags are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags can generally be classed into two catagories, those which restrict time service and those which restrict informational queries and attempts to do run-time reconfiguration of the server. One or more of the following flags may be specified:
+
ignore +
Deny packets of all kinds, including ntpq and ntpdc queries.
kod -
If this flag is set when an access violation occurs, a kiss-of-death (KoD) packet is sent. KoD packets are rate limited to no more than one per second. If another KoD packet occurs within one second after the last one, the packet is dropped
ignore -
Deny packets of all kinds, including ntpq and ntpdc queries.
noquery -
Deny ntpq and ntpdc queries. Time service is not affected.
nomodify -
Deny ntpq and ntpdc queries which attempt to modify the state of the server (i.e., run time reconfiguration). Queries which return information are permitted.
notrap -
Decline to provide mode 6 control message trap service to matching hosts. The trap service is a subsystem of the ntpdq control message protocol which is intended for use by remote event logging programs.
lowpriotrap +
If this flag is set when an access violation occurs, a kiss-of-death (KoD) packet is sent. KoD packets are rate limited to no more than one per second. If another KoD packet occurs within one second after the last one, the packet is dropped +
limited +
Deny service if the packet spacing violates the lower limits specified in the discard command. A history of clients is kept using the monitoring capability of ntpd. Thus, monitoring is always active as long as there is a restriction entry with the limited flag. +
lowpriotrap
Declare traps set by matching hosts to be low priority. The number of traps a server can maintain is limited (the current limit is 3). Traps are usually assigned on a first come, first served basis, with later trap requestors being denied service. This flag modifies the assignment algorithm by allowing low priority traps to be overridden by later requests for normal priority traps. +
nomodify +
Deny ntpq and ntpdc queries which attempt to modify the state of the server (i.e., run time reconfiguration). Queries which return information are permitted. +
noquery +
Deny ntpq and ntpdc queries. Time service is not affected. +
nopeer +
Deny packets which would result in mobilizing a new association.  This includes broadcast and symmetric active packets when a configured association does not exist.
noserve -
Deny all packets except ntpq and ntpdc queries.
nopeer -
Deny packets which would result in mobilizing a new association.  This includes broadcast and symmetric active packets when a configured association does not exist.
notrust -
Deny service unless the packet is cryptographically authenticated.
limited -
These hosts are subject to limitation of number of clients from the same net. Net in this context refers to the IP notion of net (class A, class B, class C, etc.). Only the first client_limit hosts that have shown up at the server and that have been active during the last client_limit_period seconds are accepted. Requests from other clients from the same net are rejected. Only time request packets are taken into account. Query packets sent by the ntpq and ntpdc programs are not subject to these limits. A history of clients is kept using the monitoring capability of ntpd. Thus, monitoring is always active as long as there is a restriction entry with the limited flag. +
Deny all packets except ntpq and ntpdc queries. +
notrap +
Decline to provide mode 6 control message trap service to matching hosts. The trap service is a subsystem of the ntpdq control message protocol which is intended for use by remote event logging programs. +
notrust +
Deny service unless the packet is cryptographically authenticated.
ntpport
This is actually a match algorithm modifier, rather than a restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). Both ntpport and non-ntpport may be specified. The ntpport is considered more specific and is sorted later in the list.
version -
Deny packets that do not match the current NTP version. +
Deny packets that do not match the current NTP version.
-
Default restriction list entries, with the flags ignore, interface, ntpport, for each of the local host's interface addresses are inserted into the table at startup to prevent the server from attempting to synchronize to its own time. A default entry is also always present, though if it is otherwise unconfigured; no flags are associated with the default entry (i.e., everything besides your own NTP server is unrestricted). -
clientlimit limit -
Set the client_limit variable, which limits the number of simultaneous access-controlled clients. The default value for this variable is 3. -
clientperiod period -
Set the client_limit_period variable, which specifies the number of seconds after which a client is considered inactive and thus no longer is counted for client limit restriction. The default value for this variable is 3600 seconds. +
Default restriction list entries with the flags ignore, interface, ntpport, for each of the local host's interface addresses are inserted into the table at startup to prevent the server from attempting to synchronize to its own time. A default entry is also always present, though if it is otherwise unconfigured; no flags are associated with the default entry (i.e., everything besides your own NTP server is unrestricted).
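Review bot: in the accopt.html hunk at @@ -24, the clientlimit and clientperiod entries are deleted and the new `limited` text refers operators to the `discard` command, but no hunk in this commit touches the keyword table in ntpd/ntp_config.c; say whether `clientlimit` and `clientperiod` in an existing ntp.conf are now ignored or rejected, since operators upgrading need to know. The new `discard` description gives defaults "5 and 2" with no units, so a reader cannot tell whether `average` is seconds or log2 seconds; state the units for both subcommands. Spelling in the added lines: "indefinate" (twice) should be "indefinite", "catagories" should be "categories", and the rewritten first paragraph still carries "increasing address values and and then" from the old text; the unchanged `notrap` line also has "ntpdq control message protocol" where "ntpq" is meant.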

diff --git a/html/drivers/driver1.html b/html/drivers/driver1.html index 2f8edd4e87..7a3a9d2239 100644 --- a/html/drivers/driver1.html +++ b/html/drivers/driver1.html @@ -21,8 +21,19 @@

A third application for this driver is when an external discipline source is available, such as the NIST lockclock program, which synchronizes the local clock via a telephone modem and the NIST Automated Computer Time Service (ACTS), or the Digital Time Synchronization Service (DTSS), which runs on DCE machines. In this case the stratum should be set at zero, indicating a bona fide stratum-1 source. In the case of DTSS, the local clock can have a rather large jitter, depending on the interval between corrections and the intrinsic frequency error of the clock oscillator. In extreme cases, this can cause clients to exceed the 128-ms slew window and drop off the NTP subnet.

In the case where a NTP time server is synchronized to some device or protocol that is not external to the NTP daemon itself, some means should be provided to pass such things as error and health values to the NTP daemon for dissemination to its clients. If this is not done, there is a very real danger that the device or protocol could fail and with no means to tell NTP clients of the mishap. When ordinary Unix system calls like adjtime() are used to discipline the kernel clock, there is no obvious way this can be done without modifying the code for each case. However, when a modified kernel with the ntp_adjtime() system call  is available, that routine can be used for the same purpose as the adjtime() routine and in addition provided with the estimated error, maximum error, and leap-indicator values. This is the preferred way to synchronize the kernel clock and pass information to the NTP clients.

In the default mode the behavior of the clock selection algorithm is modified when this driver is in use. The algorithm is designed so that this driver will never be selected unless no other discipline source is available. This can be overridden with the prefer keyword of the server configuration command, in which case only this driver will be selected for synchronization and all other discipline sources will be ignored. This behavior is intended for use when an external discipline source controls the system clock. See the Mitigation Rules and the prefer Keyword page for a detailed description of the exact behavior.

-

The stratum for this driver is set at 3 by default, but can be changed by the fudge configuration command and/or the ntpdc utility. The reference ID is LCL by default, but can be changed using the same mechanisms. *NEVER* configure this driver to operate at a stratum which might possibly disrupt a client with access to a bona fide primary server, unless the local clock oscillator is reliably disciplined by another source. *NEVER NEVER* configure a server which might devolve to an undisciplined local clock to use multicast mode.

+

The stratum for this driver is set at 5 by default, but can be changed by the fudge configuration command and/or the ntpdc utility. The reference ID is LCL by default, but can be changed using the same mechanisms. *NEVER* configure this driver to operate at a stratum which might possibly disrupt a client with access to a bona fide primary server, unless the local clock oscillator is reliably disciplined by another source. *NEVER NEVER* configure a server which might devolve to an undisciplined local clock to use multicast mode.

This driver provides a mechanism to trim the local clock in both time and frequency, as well as a way to manipulate the leap bits. The fudge time1 parameter adjusts the time (in seconds) and the fudge time2 parameter adjusts the frequency (in parts per million). Both parameters are additive and operate only once; that is, each command (as from ntpdc) adds signed increments in time or frequency to the nominal local clock time and frequency.

+

Operation with an External Reference Source

+

There are special provisions for this driver to operate in conjunction with an external reference source, such as the LOCKCLOCK scheme used by the NIST time servers. In such schemes the system clock is disciplined by a source external to NTP, in the LOCKCLOCK case an ACTS telephone modem. To support LOCKCLOCK the NTP distribution should be built with the --enable-nist parameter in the configuration phase of the build procedure. This changes the system behavior as follows:

+
    +
  1. The system clock is not disciplined in any way other than to call the ntp_adjtime() system call to obtain the kernel leap code, which becomes the driver leap code and. If the kernel leap code is 11 (not synchronized), the driver stratum is infinity; otherwise the stratum is set by the stratum subcommand on the fudge command applying to the driver. +
  2. The NTP algorithms operate in the normal fashion with this driver and possibly other drivers and servers; however, the local clock driver as the prefer peer will always be selected, even if declared falseticker by the selection algorithm or fails to survive the clustering algorithm. +
  3. If the driver leap code is 11, the system leap code is 11, system stratum infinity and system reference identifier DOWN. This provides a definitive status condition to dependent clients. +
+

The local clock driver should be configured something like this:

+

server 127.127.1.1 prefer

+

fucge 127.127.1.1 stratum 0 refid NIST

+

The prefer keyword forces the driver to discipline the clock, even if other servers are configured and running correctly. This is convenient when a number of servers watch each other for monitoring and statistics gathering. In particular, the peerstats data and sysstats data can be collected at each server, aggregated for daily or weekly reports and sent by electric mail to a monitoring site. In addition, the full suite of cryptographic authentication algorithms is avialable to other servers and dependent clients.

Monitor Data

No filegen clockstats monitor data are produced by this driver.

Fudge Factors
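Review bot: in the driver1.html hunk at @@ -21, the configuration example that operators will copy has a typo in the keyword: "fucge 127.127.1.1 stratum 0 refid NIST" should read "fudge 127.127.1.1 stratum 0 refid NIST". Item 1 of the numbered list has a dangling conjunction ("which becomes the driver leap code and. If the kernel leap code is 11"), and the closing paragraph has "avialable" and "electric mail" ("available", "electronic mail"). Two behaviour claims in this hunk are not backed by any code hunk in the commit: the default stratum changing from 3 to 5, and item 1's reading of the kernel leap code through ntp_adjtime() to set the driver stratum to infinity; neither ntpd/refclock_local.c nor any other driver file is touched here, so either the driver change lands separately or the documentation is ahead of the code. Please confirm which before this ships, because the "DOWN" reference identifier in item 3 is what dependent clients will rely on to notice a dead external source.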

diff --git a/html/miscopt.html b/html/miscopt.html index ba7ac720ae..0a29c41fe9 100644 --- a/html/miscopt.html +++ b/html/miscopt.html @@ -12,7 +12,7 @@

Miscellaneous Options

giffrom Pogo, Walt Kelly

We have three, now looking for more.

-

Last update: 15:30 UTC Monday, January 20, 2003

+

Last update: 16:07 UTC Friday, February 07, 2003


Related Links

@@ -23,10 +23,12 @@
calldelay delay
This option controls the delay in seconds between the first and second packets sent in burst or iburst mode to allow additional time for a modem or ISDN call to complete.
driftfile driftfile -
This command specifies the name of the file used to record the frequency offset of the local clock oscillator. This is the same operation as the -f command linke option. If the file exists, it is read at startup in order to set the initial frequency offset and then updated once per hour with the current frequency offset computed by the daemon. If the file does not exist or this command is not given, the initial frequency offset is assumed zero. In this case, it may take some hours for the frequency to stabilize and the residual timing errors to subside.

The file format consists of a single line containing a single floating point number, which records the frequency offset measured in parts-per-million (PPM). The file is updated by first writing the current drift value into a temporary file and then renaming this file to replace the old version. This implies that ntpd must have write permission for the directory the drift file is located in, and that file system links, symbolic or otherwise, should be avoided.

+
This command specifies the name of the file used to record the frequency offset of the local clock oscillator. This is the same operation as the -f command linke option. If the file exists, it is read at startup in order to set the initial frequency offset and then updated once per hour with the current frequency offset computed by the daemon. If the file does not exist or this command is not given, the initial frequency offset is assumed zero. In this case, it may take some hours for the frequency to stabilize and the residual timing errors to subside. +

The file format consists of a single line containing a single floating point number, which records the frequency offset measured in parts-per-million (PPM). The file is updated by first writing the current drift value into a temporary file and then renaming this file to replace the old version. This implies that ntpd must have write permission for the directory the drift file is located in, and that file system links, symbolic or otherwise, should be avoided.

enable [ auth | bclient | calibrate | kernel | monitor | ntp | pps | stats]
disable [ auth | bclient | calibrate | kernel | monitor | ntp | pps | stats ]
Provides a way to enable or disable various system options. Flags not mentioned are unaffected. Note that all of these flags can be controlled remotely using the ntpdc utility program. +
auth
Enables the server to synchronize with unconfigured peers only if the peer has been correctly authenticated using either public key or private key cryptography. The default for this flag is enable. @@ -69,8 +71,10 @@
huffpuff huffpuff
The argument becomes the new value for the experimental huff-n'-puff filter span, which determines the most recent interval the algorithm will search for a minimum delay. The lower limit is 900 s (15 m), but a more reasonable value is 7200 (2 hours). There is no default, since the filter is not enabled unless this command is given.
panic panic -
The argument is the panic threshold, normally 1000 s. If set to zero, the panic sanity check is disabled and a clock offset of any value will be accepted.
step step -
The argument is the step threshold, which by default is 0.128 s. It can be set to any positive number in seconds. If set to zero, step adjustments will never occur. Note: The kernel time discipline is disabled if the step threshold is set to zero or greater than the default.
stepout stepout +
The argument is the panic threshold, normally 1000 s. If set to zero, the panic sanity check is disabled and a clock offset of any value will be accepted. +
step step +
The argument is the step threshold, which by default is 0.128 s. It can be set to any positive number in seconds. If set to zero, step adjustments will never occur. Note: The kernel time discipline is disabled if the step threshold is set to zero or greater than the default. +
stepout stepout
The argument is the stepout timeout, which by default is 900 s. It can be set to any positive number in seconds. If set to zero, the stepout pulses will not be suppressed.
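Review bot: in the miscopt.html hunk at @@ -23, the driftfile paragraph is removed and re-added unchanged (only a separator moves), and it carries the typo "the -f command linke option" along; since the line is being rewritten anyway, change it to "command line option". The hunk at @@ -69 only reorders the panic, step and stepout entries with no text change, so nothing further there.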
trap host_address [port port_number] [interface interface_address] diff --git a/html/monopt.html b/html/monopt.html index 51154ca292..f790bc8b36 100644 --- a/html/monopt.html +++ b/html/monopt.html @@ -12,12 +12,12 @@

Monitoring Options

giffrom Pogo, Walt Kelly

The pig watches the logs.

-

Last update: 20:24 UTC Monday, December 02, 2002

+

Last update: 17:22 UTC Friday, February 07, 2003


Related Links


- ntpd includes a comprehensive monitoring facility suitable for continuous, long term recording of server and client timekeeping performance. See the statistics command below for a listing and example of each type of statistics currently supported. Statistic files are managed using file generation sets and scripts in the ./scripts directory of this distribution. Using these facilities and Unix cron jobs, the datacan be automatically summarized and archived for retrospective analysis. + ntpd includes a comprehensive monitoring facility suitable for continuous, long term recording of server and client timekeeping performance. See the statistics command below for a listing and example of each type of statistics currently supported. Statistic files are managed using file generation sets and scripts in the ./scripts directory of this distribution. Using these facilities and Unix cron jobs, the datacan be automatically summarized and archived for retrospective analysis.

Monitoring Commands
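Review bot: in the monopt.html hunk at @@ -12, the introductory paragraph is rewritten but the + line still reads "the datacan be automatically summarized"; fix to "the data can". As extracted, the removed and added versions of that paragraph are otherwise identical, so if the only difference is whitespace, the change could be dropped from the hunk to keep the diff readable.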

statistics name [...] @@ -37,12 +37,34 @@
The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next five fields show time offset (seconds), frequency offset (parts per million - PPM), RMS jitter (seconds), Allan deviation (PPM) and clock discipline time constant.
peerstats
Enables recording of peer statistics information. This includes statistics records of all peers of a NTP server and of special signals, where present and configured. Each valid update appends a line of the following form to the current element of a file generation set named peerstats: -
48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674 +
48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the peer address in dotted-quad notation and status, respectively. The status field is encoded in hex in the format described in Appendix A of the NTP specification RFC 1305. The final four fields show the offset, delay, dispersion and RMS jitter, all in seconds.
rawstats
Enables recording of raw-timestamp statistics information. This includes statistics records of all peers of a NTP server and of special signals, where present and configured. Each NTP message received from a peer or clock driver appends a line of the following form to the file generation set named rawstats: -
50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000 +
50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the remote peer or clock address followed by the local address in dotted-quad notation, The final four fields show the originate, receive, transmit and final NTP timestamps in order. The timestamp values are as received and before processing by the various data smoothing and mitigation algorithms. + +
sysstats +
Enables recording of ntpd statistics counters on a periodic basis. Each hour a line of the following form is appended to the file generation set named sysstats: + +
50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147 +
The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The remaining ten fields show the statistics counter values accumulated since the last generated line.
+
Time since restart 36000 +
Time in hours since the system was last rebooted.
Packets received 81965 +
Total number of packets received. +
Packets processed 0 +
Number of packets received in response to previous packets sent +
Current version 9546 +
Number of packets matching the current NTP version. +
Previous version 56 +
Number of packets matching the previous NTP version.
Bad version 71793 +
Number of packets matching neither NTP version.
Access denied 512 +
Number of packets denied access for any reason. +
Bad length or format 540 +
Number of packets with invalid length, format or port number. +
Bad authentication 10 +
Number of packets not verified as authentic.
Rate exceeded 147 +
Number of packets discarded due to rate limitation.
statsdir directory_path
Indicates the full path of a directory where statistics files should be created (see below). This keyword allows the (otherwise constant) filegen filename prefix to be modified for file generation sets, which is useful for handling statistics logs. diff --git a/ntpd/ntp_config.c b/ntpd/ntp_config.c index 52ea24da4b..9ba715f36c 100644 --- a/ntpd/ntp_config.c +++ b/ntpd/ntp_config.c @@ -49,44 +49,6 @@ extern int priority_done; * Lines are considered terminated when a '#' is encountered. Blank * lines are ignored. */ - -/* - * We understand the following configuration entries and defaults. - * - * peer [ -4 | -6 ] [ addr ] [ version 3 ] [ key 0 ] [ minpoll 6 ] [ maxpoll 10 ] - * server [ -4 | -6 ] [ addr ] [ version 3 ] [ key 0 ] [ minpoll 6 ] [ maxpoll 10 ] - * broadcast [ -4 | -6 ] [ addr ] [ version 3 ] [ key 0 ] [ ttl 1 ] - * broadcastclient - * multicastclient [ -4 | -6 ] [ 224.0.1.1 ] - * manycastclient [ -4 | -6 ] [ addr ] [ version 3 ] [ key 0 ] [ minpoll 6 ] [ maxpoll 10 ] - * manycastserver [ -4 | -6 ] [ 224.0.1.1 ] - * broadcastdelay 0.0102 - * restrict [ -4 | -6 ] [ addr ] [ mask 255.255.255.0 ] ignore|noserve|notrust|noquery - * driftfile file_name - * keys file_name - * publickey file_name - * privatekey file_name - * statsdir /var/NTP/ - * filegen peerstats [ file peerstats ] [ type day ] [ link ] - * police [ min n ] [ avg n ] - * trustedkey [ key ] - * requestkey [ key ] - * controlkey [ key ] - * trap [ -4 | -6 ] [ addr ] - * fudge [ addr ] [ stratum ] [ refid ] ... - * pidfile [ ] - * setvar [ ] - * logfile logfile - * logconfig [+|-|=][{sync|sys|peer|clock}{{,all}{info|statistics|events|status}}]... - * enable auth|bclient|pll|kernel|monitor|stats|calibrate - * disable auth|bclient|pll|kernel|monitor|stats|calibrate - * phone ... - * pps device [assert|clear] [hardpps] - * priority high|normal - * tinker [keyword value] ... - * tos [keyword value] ... - */ - /* * Translation table - keywords to function index */ 
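Review bot: in the monopt.html hunk at @@ -37, the new sysstats field table is internally inconsistent: "Time since restart 36000" is described as "Time in hours since the system was last rebooted", yet a line is appended every hour and the sample value 36000 reads like seconds, and the counter concerns the ntpd restart rather than a system reboot; state the unit that is actually written and what event it is measured from. "Packets processed 0" is explained as "Number of packets received in response to previous packets sent", which does not match the field name; pick one meaning. The rawstats sample line is deleted and re-added with the corrupted third timestamp intact ("3102453281.58622800031 02453332.540806000" has a space inside the value); repair the sample while the line is being touched. For operators, the counters worth alerting on are "Access denied", "Bad authentication" and "Rate exceeded", so it would help to say explicitly that these reset on every line ("accumulated since the last generated line" already implies this).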
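Review bot: in the ntpd/ntp_config.c hunk at @@ -49, deleting the comment block removes the only in-source summary of configuration keywords and their defaults (for example "broadcastdelay 0.0102" and "restrict [ -4 | -6 ] [ addr ] [ mask 255.255.255.0 ] ignore|noserve|notrust|noquery"). The block had drifted (it still lists "police [ min n ] [ avg n ]" where the html now documents `discard`), which is a fair reason to drop it, but replace it with a one-line pointer to the html documentation rather than leaving the keyword table with no reference at all.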
@@ -203,7 +165,6 @@ static struct keyword fudge_keywords[] = { { "", CONFIG_UNKNOWN } }; - /* * "filegen" modifier keywords */ diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c index 7536448b86..4e8b6b1bc4 100644 --- a/ntpd/ntp_control.c +++ b/ntpd/ntp_control.c @@ -1477,7 +1477,8 @@ ctl_putpeer( case CP_REFID: if (peer->flags & FLAG_REFCLOCK) { - if (peer->stratum > 0) + if (peer->stratum > 0 && peer->stratum < + STRATUM_UNSPEC) ctl_putadr(peer_var[CP_REFID].text, peer->refid, NULL); else diff --git a/ntpd/ntp_loopfilter.c b/ntpd/ntp_loopfilter.c index c0d2a442d3..bd7e286073 100644 --- a/ntpd/ntp_loopfilter.c +++ b/ntpd/ntp_loopfilter.c @@ -186,6 +186,9 @@ init_loopfilter(void) /* * local_clock - the NTP logical clock loop filter. Returns 1 if the * clock was stepped, 0 if it was slewed and -1 if it is hopeless. + * + * LOCKCLOCK: The only thing this routine does is set the + * sys_rootdispersion variable equal to the peer dispersion. */ int local_clock( @@ -212,6 +215,11 @@ local_clock( "local_clock: assocID %d offset %.6f jitter %.6f state %d\n", peer->associd, fp_offset, SQRT(epsil), state); #endif +#ifdef LOCKCLOCK + sys_rootdispersion = peer->rootdispersion; + return (0); + +#else /* LOCKCLOCK */ if (!ntp_enable) { record_loop_stats(fp_offset, drift_comp, SQRT(epsil), clock_stability, sys_poll); @@ -474,7 +482,7 @@ local_clock( } } -#if defined(KERNEL_PLL) +#ifdef KERNEL_PLL /* * This code segment works when clock adjustments are made using * precision time kernel support and the ntp_adjtime() system @@ -673,11 +681,15 @@ local_clock( tc_counter); #endif /* DEBUG */ return (retval); +#endif /* LOCKCLOCK */ } /* * adj_host_clock - Called once every second to update the local clock. + * + * LOCKCLOCK: The only thing this routine does is increment the + * sys_rootdispersion variable. */ void adj_host_clock( 
@@ -699,6 +711,7 @@ adj_host_clock( */ sys_rootdispersion += clock_phi; +#ifndef LOCKCLOCK /* * Declare PPS kernel unsync if the pps signal has not been * heard for a few minutes. @@ -743,6 +756,7 @@ adj_host_clock( adjustment = clock_offset / (CLOCK_PLL * pow(2, dtemp)); clock_offset -= adjustment; adj_systime(adjustment + drift_comp); +#endif /* LOCKCLOCK */ } @@ -791,6 +805,8 @@ huffpuff() /* * loop_config - configure the loop filter + * + * LOCKCLOCK: The LOOP_DRIFTINIT and LOOP_DRIFTCOMP cases are no-ops. */ void loop_config( @@ -804,6 +820,7 @@ loop_config( case LOOP_DRIFTINIT: +#ifndef LOCKCLOCK #ifdef KERNEL_PLL /* * Assume the kernel supports the ntp_adjtime() syscall. @@ -869,10 +886,12 @@ loop_config( pll_status); } #endif /* KERNEL_PLL */ +#endif /* LOCKCLOCK */ break; case LOOP_DRIFTCOMP: +#ifndef LOCKCLOCK /* * If the frequency value is reasonable, set the initial * frequency to the given value and the state to S_FSET. @@ -907,6 +926,7 @@ loop_config( (void)ntp_adjtime(&ntv); } #endif /* KERNEL_PLL */ +#endif LOCKCLOCK break; /* diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index 66c648f4be..5b658bd233 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -1717,6 +1717,11 @@ clock_filter( /* * clock_select - find the pick-of-the-litter clock + * + * LOCKCLOCK: If the local clock is the prefer peer, it will always be + * enabled, even if declared falseticker, (2) only the prefer peer can + * be selected as the system peer, (3) if the external source is down, + * the system leap bits are set to 11 and the stratum set to infinity. */ void clock_select(void) @@ -1752,6 +1757,11 @@ clock_select(void) osurv = sys_survivors; sys_survivors = 0; sys_prefer = NULL; +#ifdef LOCKCLOCK + sys_leap = LEAP_NOTINSYNC; + sys_stratum = STRATUM_UNSPEC; + memcpy(&sys_refid, "DOWN", 4); +#endif /* LOCKCLOCK */ nlist = 0; for (n = 0; n < HASH_SIZE; n++) nlist += peer_hash_count[n]; 
@@ -1805,13 +1815,18 @@ clock_select(void) */ if (peer->refclktype == REFCLK_LOCALCLOCK #if defined(VMS) && defined(VMS_LOCALUNIT) - /* wjm: local unit VMS_LOCALUNIT taken seriously */ - && REFCLOCKUNIT(&peer->srcadr) != VMS_LOCALUNIT + /* wjm: VMS_LOCALUNIT taken seriously */ + && REFCLOCKUNIT(&peer->srcadr) != + VMS_LOCALUNIT #endif /* VMS && VMS_LOCALUNIT */ ) { typelocal = peer; if (!(peer->flags & FLAG_PREFER)) continue; /* no local clock */ +#ifdef LOCKCLOCK + else + sys_prefer = peer; +#endif /* LOCKCLOCK */ } if (peer->sstclktype == CTL_SST_TS_TELEPHONE) { typeacts = peer; @@ -1886,7 +1901,7 @@ clock_select(void) * falsetickers and try again. If the number of falsetickers * becomes equal to or greater than half the number of * candidates, the Albanians have won the Byzantine wars and - * correct syncrhonization is not possible. + * correct synchronization is not possible. * * Here, nlist is the number of candidates and allow is the * number of falsetickers. @@ -2108,7 +2123,7 @@ clock_select(void) * stratum is at least the floor and there are enough survivors. * This minimizes the pain when tossing out rascals beneath the * floorboard. Don't count peers with stratum above the ceiling. - * Manycast is is sooo complicated. + * Manycast is sooo complicated. */ leap_consensus = 0; for (i = nlist - 1; i >= 0; i--) { @@ -2172,7 +2187,9 @@ clock_select(void) printf("select: prefer offset %.6f\n", sys_offset); #endif - } else if (typepps) { + } +#ifndef LOCKCLOCK + else if (typepps) { sys_peer = typepps; sys_peer->status = CTL_PST_SEL_PPS; sys_offset = sys_peer->offset; @@ -2186,7 +2203,8 @@ clock_select(void) printf("select: pps offset %.6f\n", sys_offset); #endif - } else { + } + else { if (typesystem) sys_peer = osys_peer; else @@ -2200,6 +2218,7 @@ clock_select(void) sys_offset); #endif } +#endif /* LOCKCLOCK */ if (osys_peer != sys_peer) { if (sys_peer == NULL) sys_peer_refid = 0; 
diff --git a/ntpd/ntp_util.c b/ntpd/ntp_util.c index f1fbf737f4..f52cefb3aa 100644 --- a/ntpd/ntp_util.c +++ b/ntpd/ntp_util.c @@ -632,11 +632,12 @@ record_sys_stats(void) now.l_ui %= 86400; if (sysstats.fp != NULL) { fprintf(sysstats.fp, - "%lu %s %lu %lu %lu %lu %lu %lu %lu %lu %lu\n", - day, ulfptoa(&now, 3), sys_stattime, sys_received, - sys_processed, sys_newversionpkt, + "%lu %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n", + day, ulfptoa(&now, 3), sys_stattime / 3600, + sys_received, sys_processed, sys_newversionpkt, sys_oldversionpkt, sys_unknownversion, - sys_badlength, sys_badauth, sys_limitrejected); + sys_restricted, sys_badlength, sys_badauth, + sys_limitrejected); fflush(sysstats.fp); proto_clr_stats(); } @@ -759,12 +760,10 @@ sock_hash( ch++; hashVal = 37 * hashVal + (int)*ch; } -#if 0 /* monitor does not want port */ ch = (char *)&((struct sockaddr_in *)addr)->sin_port; hashVal = 37 * hashVal + (int)*ch; ch++; hashVal = 37 * hashVal + (int)*ch; -#endif switch(addr->ss_family) { case AF_INET: ch = (char *)&((struct sockaddr_in *)addr)->sin_addr; diff --git a/ntpd/refclock_local.c b/ntpd/refclock_local.c index 9a4944232a..3478f43838 100644 --- a/ntpd/refclock_local.c +++ b/ntpd/refclock_local.c @@ -164,10 +164,11 @@ local_start( * Initialize miscellaneous variables */ peer->precision = sys_precision; + pp->leap = LEAP_NOTINSYNC; peer->stratum = STRATUM; pp->stratum = STRATUM; pp->clockdesc = DESCRIPTION; - memcpy((char *)&pp->refid, REFID, 4); + memcpy(&pp->refid, "INIT", 4); poll_time = current_time; return (1); } 
@@ -175,6 +176,15 @@ local_start( /* * local_poll - called by the transmit procedure + * + * LOCKCLOCK: If the kernel supports the nanokernel or microkernel + * system calls, the leap bits are extracted from the kernel. If there + * is a kernel error or the kernel leap bits are set to 11, the NTP leap + * bits are set to 11 and the stratum is set to infinity. Otherwise, the + * NTP leap bits are set to the kernel leap bits and the stratum is set + * as fudged. This behavior does not faithfully follow the + * specification, but is probably more appropriate in a multiple-server + * national laboratory network. */ static void local_poll( @@ -217,25 +227,29 @@ local_poll( * the leap bits and quality indicators from the kernel. */ #if defined(KERNEL_PLL) && defined(LOCKCLOCK) - memset((char *)&ntv, 0, sizeof ntv); + memset(&ntv, 0, sizeof ntv); switch (ntp_adjtime(&ntv)) { case TIME_OK: pp->leap = LEAP_NOWARNING; + peer->stratum = pp->stratum; break; case TIME_INS: pp->leap = LEAP_ADDSECOND; + peer->stratum = pp->stratum; break; case TIME_DEL: pp->leap = LEAP_DELSECOND; + peer->stratum = pp->stratum; break; default: pp->leap = LEAP_NOTINSYNC; + peer->stratum = STRATUM_UNSPEC; } - pp->disp = ntv.maxerror / 1e6; - pp->jitter = SQUARE(ntv.esterror / 1e6); + pp->disp = 0; + pp->jitter = 0; #else /* KERNEL_PLL LOCKCLOCK */ pp->leap = LEAP_NOWARNING; pp->disp = DISPERSION;
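Review bot: the ntp_config.c hunk at @@ -49,44 +49,6 deletes the only in-source summary of the accepted configuration keywords and their defaults (`peer`, `server`, `restrict`, `tinker`, `tos`, ...) without putting anything in its place. If the list had gone stale relative to the keyword table that follows, correct it or replace it with a pointer to the html/ documentation rather than leaving the table undocumented.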
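Review bot: `+#endif LOCKCLOCK` in the ntp_loopfilter.c hunk at @@ -907,6 +926,7 is missing the comment delimiters; compilers warn about extra tokens after `#endif` and strict preprocessors reject it, so write it as `#endif /* LOCKCLOCK */` like every other `#endif` this patch adds.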
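Review bot: the new LOCKCLOCK comment in the clock_select hunk at @@ -1717,6 +1717,11 enumerates items (2) and (3) but never marks (1); prefix the first clause ("If the local clock is the prefer peer, ...") with "(1)" so the list reads as intended.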
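Review bot: in the clock_select hunks at @@ -2172,7 +2187,9 and @@ -2200,6 +2218,7, the `else if (typepps)` and trailing `else` branches are compiled out under LOCKCLOCK, so when no prefer peer is found nothing in this region assigns sys_peer and the following `if (osys_peer != sys_peer)` compares against the previous value. The earlier hunk at @@ -1752 resets sys_leap, sys_stratum and sys_refid ("DOWN") for that case but not sys_peer; since the function comment says only the prefer peer may be the system peer, set `sys_peer = NULL` explicitly on the LOCKCLOCK path when sys_prefer is NULL, otherwise a stale system peer can remain selected while the daemon advertises itself unsynchronized.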
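Review bot: the record_sys_stats hunk in ntp_util.c changes the sysstats record in two incompatible ways at once: a twelfth `%lu` column (sys_restricted) is inserted ahead of sys_badlength, and sys_stattime is now written as `sys_stattime / 3600`, i.e. hours instead of seconds. Any consumer of the old eleven-field line will shift columns silently, so the commit message and the filegen/monitoring documentation should spell out the new column order and the unit change.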
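Review bot: removing the `#if 0 /* monitor does not want port */` guard in sock_hash() makes the source port part of the hash, so every distinct source port from the same address now gets its own monitor entry; the deleted comment says that is deliberately unwanted, and a commit titled "NIST lockclock stuff" does not explain the change, so either restore the guard or document why per-port entries are now intended. Note also that the port is read through `struct sockaddr_in` before the `switch(addr->ss_family)` that distinguishes AF_INET, so for AF_INET6 this only works because sin6_port happens to share the offset of sin_port.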
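Review bot: in the local_poll hunk of refclock_local.c at @@ -217,25 +227,29, the `default:` case of `switch (ntp_adjtime(&ntv))` now forces `peer->stratum = STRATUM_UNSPEC`, but that default also catches TIME_OOP and TIME_WAIT, the kernel's in-progress and just-completed leap second states, so the server would declare itself unsynchronized at stratum infinity across every leap second; treat TIME_WAIT like TIME_OK and add an explicit case for TIME_OOP. The three identical `peer->stratum = pp->stratum;` lines can be hoisted above the switch, and replacing `ntv.maxerror / 1e6` and `ntv.esterror / 1e6` with `pp->disp = 0; pp->jitter = 0;` discards the kernel's error bounds entirely, which is worth a sentence in the comment given that local_clock() now copies peer->rootdispersion straight into sys_rootdispersion.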